Monitoring and Analysis

Which of the following is not true concerning a padded cell?
Is often place inside a honey pot
Which of the following is not included in a system level audit event? (Select two)
-Names of accessed files
-any actions performed by the user
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identities listed in a database?
Signature based
A recreation of historical events is made possible through?
Audit Trails
Network-based intrusion detection system is most suited to detect and prevent which types of attacks?
Bandwidth-based Denial of Service
What is the purpose of audit trails?
Detect security-violating events
A honey pot is used for what purpose?
To delay intruders in order to gather auditing data
Which of the following is a collection of recorded data that may include details bout logons, object access, and other activities deemed important by your security policy that is often used to detect unwanted and unauthorized user activity?
Audit trail
What actions can a typical passive Intrusion Detection System (IDS) take when it detects an attack? (Select two)
-An alert is generated and delivered via e-mail, the consoles, or an SNMP trap
-The IDS logs all pertinent data about the intrusion
Audit trails produced by auditing activities are considered what type of security control?
Detective
The auditing feature of an operating system serves as what form of control when users are informed that their actions are being monitored?
Preventive
Network-based intrusion detection systems (IDS) are able to detect which type of attacks? (Select two)
-Port scanning
-Denial of service
Which of the following is a security service that monitors network traffic in real time or reviews the audit logs on servers looking for security violations?
IDS
What security mechanism can be used to detect attacks originating on the Internet or from within an internal trusted subnet?
IDS
Which of the following best describes an audit daemon?
The trusted utility that runs a background process whenever auditing is enabled
If maintaining confidentiality is of the utmost importance to your organization, what is the best response when an intruder is detected on your network?
Disconnect the intruder
An active IDS system often performs which of the following actions? (Select two)
-Update filters to block suspect traffic
-Perform reverse look ups to identify an intruder